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What is claimed is: 

1 . A network connection control apparatus for granting 
or rejecting access when a device on a global network 
demands access to services provided on a local network, 
comprising: 

authentication means for authenticating the device on 
said global network; 

access permission entry creating means for creating an 
access permission entry in response to an access request 
from the device authenticated by said authentication means, 
and adding said access permission entry to an access 
permission list; and 

control means which, upon receiving a data packet sent 
from the device on said global network, determines whether 
or not said data packet should be transferred to said local 
network based on information extracted from the header of 
said data packet and on the access permission entry 
contained in said access permission list. 

2. A network connection control apparatus according to 
Claim 1, wherein said access permission entry creating means 
extracts access information from an access request packet 
transmitted from the authenticated device, thereby creating 
an access permission entry containing a source IP address, a 
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destination IP address, a source port number, a destination 
port number and a last access permission time. 

3 . A network connection control apparatus according to 
Claim 1 , wherein said control means extracts a source IP 
address, a destination IP address, a source port number and 
a destination port number from the header of the data packet 
transmitted from the device on said global network, compares 
these extracted items of information with the information 
about the access permission entry contained in said access 
permission list, and transfers said data packet to said 
local network if the two pieces of information correspond in 
all of the source IP address, destination IP address, source 
port number and destination port number. 

4 . A network connection control apparatus according to 
Claim 1, wherein said control means eliminates the access 
permission entry corresponding to a relevant access from 
said access permission list in accordance with an access 
termination notification from the device on said global 
network. 

5. A network connection control apparatus according to 
Claim 1, wherein said control means calculates the length of 
time which elapsed from the last access based on a last 
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access permission time stored in the access permission entry 
which corresponds to the time at which the data packet was 
received from the device on said global network, and 
eliminates the access permission entry from said access 
permission list when the elapsed time exceeds a 
predetermined reference time. 

6. A network connection control apparatus according to 
Claim 1, further comprising storage means for storing said 
access permission list. 

7 . A network connection control method for granting or 
rejecting access when a device on a global network demands 
access to services provided on a local network, comprising 
the steps of: 

authenticating the device on said global network; 

creating an access permission entry in response to an 
access request from the authenticated device and adding the 
access permission entry to an access permission list; 

determining, upon receiving a data packet from a device 
on said global network, whether or not said data packet 
should be transferred to said local network based on 
information extracted from the header of said data packet 
and on the access permission entry contained in said access 
permission list. 
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8. A network connection control method according to 
Claim 7, wherein, in the step of creating the access 
permission entry, access information is extracted from an 
access request packet transmitted from the authenticated 
device, so that an access permission entry can be created 
which contains a source IP address, a destination IP address, 
a source port number, a destination port number and a last 
access permission time. 

9. A network connection control method according to 
Claim 7, wherein a source IP address, a source port number, 
a destination IP address and a destination port number are 
extracted from the header of the data packet transmitted 
from the device on said global network, and the extracted 
items of information are compared with information about the 
access permission entry contained in said access permission 
list, whereby said data packet is transferred to said local 
network if the two pieces of information correspond in all 
of the source IP address, destination IP address, source 
port number and destination port number. 



